We're in a similiar situation, but with many intermediate CAs and root CAs for all the possible client certificates we accept.
We have all of these concatenated into a single file for the ssl_client_certificate directive.
We have CRLs for some of these and not for others.
Is there any way we configure nginx so it will honour the ones we have, without requiring us to have a CRL for all of them?
We've tried combining the ones we have into a single file, and using that in the ssl_crl directive, but it still gives us a 400 Bad Request error.
With apache we were able to specify the directory they are all in, and have it process the ones we have.